Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Groovy Sandbox Bypass
Vulnerability Description
Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, which will cause attackers to execute arbitrary commands remotely(RCE).
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
Vulnerability Type
动态管理代码资源的控制不恰当
Vulnerability Title
Crafter CMS 访问控制错误漏洞
Vulnerability Description
Crafter CMS是一套面向数字体验应用程序的开源内容管理系统(CMS)。 Crafter CMS 中存在访问控制错误漏洞,该漏洞源于系统未对groovy脚本进行有效验证。具有管理员、开发者权限的攻击者可通过该漏洞使用groovy lib 渲染页面并执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A